installer has a customized security policy in the form of Group Policy Object
(GPO) backup. You can apply this policy into a separate Organization Unit (OU),
that contains Unified CCE servers. The policy ensures the proper functioning of
the Unified CCE application, and with improved security. Clearly identify the
OU as Cisco_ICM_Servers (or a similar clearly identifiable name) and ensure
that it is documented in accordance with your corporate policy.
Create this OU
either at the same level as the
Computers container or at the Cisco ICM Root OU. If
you are unfamiliar with Active Directory, engage your Domain Administrator to
assist you with Group Policy deployments.
You can only
apply Unified CCE GPO backup to the member server OU that is created under
Windows Server 2008 R2 and
2012 R2 Domain Controller.
Figure 1. Group Policy
After the security
policy is applied at the OU level, any differing policies must be blocked from
being inherited at the Unified ICM/Unified CCE Servers OU. Keep in mind that
you can override blocking inheritance, a configuration option at the OU object
level, when you select the Enforced/No Override option at a higher hierarchy
level. The application of group policies must follow a thought-out design that
starts with the most common denominator, and those policies must be restrictive
only at the appropriate level in the hierarchy.